The Sesame framework comes with a pre-packaged web service (often referred to as the Sesame server). This web service enables deployment of Sesame as an online RDF database server, with multiple SPARQL query endpoints and full update capabilities.
In the default setup of the Sesame server, however, there is no security at all: everybody can access all available Sesame repositories, can query them, add data, remove data, and even change the server configuration (e.g. creating new databases or removing existing ones). Clearly this is not a desirable setup for a server which is publicly accessible.
Fortunately, it is possible to restrict access to a Sesame server, using standard Java web application technology: the Deployment Descriptor.
In this recipe, we will look at setting up some basic security constraints for a Sesame server, using the web application’s deployment descriptor, in combination with basic HTTP authentication. For the purpose of this explanation, we assume you have a default Sesame server running on Apache Tomcat 6.
0.1. Sesame HTTP REST protocol
The Sesame server implements a RESTful protocol for HTTP communication (it’s a superset of SPARQL protocol). What that comes down to is that the protocol defines specific locations, reachable by a specific URL using a specific HTTP method (GET, POST, etc.), for each repository and each operation on a repository.
This is good news for our security, as it means we can easily reuse HTTP-based security restrictions: since each operation on a repository maps to a specific URL and a specific method, we can have fairly fine-grained access control by simply restricting access to particular URL patterns and/or HTTP methods. read more
The SPARQL query language is extensible by nature: it allows implementors to define their own custom operators if the standard set of operators is not sufficient for the needs of some application.
Sesame’s SPARQL engine has been designed with this extensibility in mind: it allows you to define your own custom functions and use them as part of your SPARQL queries, like any other function. In this new recipe, I’ll show how to create a simple custom function. Specifically, we are going to implement a boolean function that detects if some string literal is a palindrome. read more…
From openRDF.org: Sesame 2.4.1 is a bugfix release, fixing various reported issues in the new SPARQL 1.1 query functionality and a number of stability/scalability improvements. Some highlights:
- SPARQL GROUP BY with complex expressions as arguments are now evaluated correctly (SES-774)
SUM and AVG now silently ignore non-numeric values (SES-788)
- Performance improvements in processing of aggregate operators (SES-789)
- Fix for native store data corruption issue (SES-776)
- Various other fixes and improvements in handling of property paths and aggregate operators
See the release notes for a full overview of all changes.